Privilege Actions权限操作

On this page本页内容

Privilege actions define the operations a user can perform on a resource. 权限操作定义用户可以对资源执行的操作。A MongoDB privilege comprises a resource and the permitted actions. MongoDB权限包括资源和允许的操作。This page lists available actions grouped by common purpose.本页列出了按共同目的分组的可用操作。

MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions. MongoDB通过预定义的资源配对和允许的操作提供内置角色。For lists of the actions granted, see Built-In Roles. 有关授权操作的列表,请参阅内置角色To define custom roles, see Create a User-Defined Role.要定义自定义角色,请参阅创建用户定义的角色

Query and Write Actions查询和写入操作

find

User can perform the following commands, and their equivalent helper methods:用户可以执行以下命令及其等效的助手方法:

Required for the query portion of the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection.输出到集合时,mapReduce命令的查询部分和db.collection.mapReduce()助手方法需要。

Required for the query portion of the findAndModify command and db.collection.findAndModify() helper method.findAndModify命令的查询部分和db.collection.findAndModify()助手方法需要。

Required on the source collection for the cloneCollectionAsCapped and renameCollection commands and the db.collection.renameCollection() helper method.cloneCollectionAsCappedrenameCollection命令以及db.collection.renameCollection()助手方法在源集合上是必需的。

For MongoDB 4.0.6+:对于MongoDB 4.0.6+:
If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has privileges (including databases for which the user has privileges on specific collections) if the command is run with authorizedDatabases option unspecified or set to true.如果用户没有listDatabases权限操作,则如果在未指定authorizedDatabases选项或将其设置为true的情况下运行该命令,则用户可以运行listDatabases命令以返回用户具有权限的数据库列表(包括用户对特定集合具有权限的数据集)。
For MongoDB 4.0.5:对于MongoDB 4.0.5:
If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has the find action privilege if the command is run with authorizedDatabases option unspecified or set to true.如果用户没有listDatabases权限操作,则用户可以运行listDatabases命令以返回用户具有find操作权限的数据库列表,如果该命令是在未指定authorizedDatabases选项或设置为true的情况下运行的。
For MongoDB 4.0.0-4.0.4:对于MongoDB 4.0.0-4.0.4:
If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has the find action privilege.如果用户没有listDatabases权限操作,则用户可以运行listDatabases命令返回用户具有find操作权限的数据库列表。

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

insert

User can perform the following commands and their equivalent methods:用户可以执行以下命令及其等效方法:

Required for the output portion of the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection.输出到集合时,mapReduce命令的输出部分和db.collection.mapReduce()助手方法需要。

Required for the aggregate command and db.collection.aggregate() helper method when using the $out or $merge pipeline operator.在使用$out$merge管道运算符时,aggregate命令和db.collection.aggregate()助手方法需要。

Required for the update and findAndModify commands and equivalent helper methods when used with the upsert option.upsert选项一起使用时,updatefindAndModify命令以及等效的助手方法都需要。

Required on the destination collection for the following commands and their helper methods:以下命令及其帮助程序方法在目标集合上是必需的:

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

remove

User can perform the delete command and equivalent helper method.用户可以执行delete命令和等效的helper方法。

Required for the write portion of the findAndModify command and db.collection.findAndModify() method.findAndModify命令和db.collection.findAndModify()方法的写入部分需要。

Required for the mapReduce command and db.collection.mapReduce() helper method when you specify the replace action when outputting to a collection.在输出到集合时指定替换操作时,mapReduce命令和db.collection.mapReduce()助手方法需要。

Required for the aggregate command and db.collection.aggregate() helper method when using the $out pipeline operator.在使用$out管道运算符时,aggregate命令和db.collection.aggregate()助手方法需要。

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

update

User can perform the update command and equivalent helper methods.用户可以执行update命令和等效的助手方法。

Required for the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection without specifying the replace action.在不指定replace操作的情况下输出到集合时,mapReduce命令和db.collection.mapReduce()助手方法需要。

Required for the findAndModify command and db.collection.findAndModify() helper method.findAndModify命令和db.collection.findAndModify()助手方法所需。

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

bypassDocumentValidation

Users can bypass document validation on commands and methods that support the bypassDocumentValidation option. 用户可以在支持bypassDocumentValidation选项的命令和方法上绕过文档验证The following commands and their equivalent methods support bypassing document validation:以下命令及其等效方法支持绕过文档验证:

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

useUUID

User can execute the following commands using a UUID as if it were a namespace:用户可以像使用命名空间一样使用UUID执行以下命令:

For example, this privilege authorizes a user to run the following command which executes a find command on a collection with the given UUID. 例如,此权限授权用户运行以下命令,该命令对具有给定UUID的集合执行find命令。In order to be successful, this operation also requires that the user is authorized to execute the find command on the collection namespace corresponding to the given UUID.为了成功,此操作还需要授权用户在与给定UUID对应的集合命名空间上执行find命令。

db.runCommand({find: UUID("123e4567-e89b-12d3-a456-426655440000")})

For more information on collection UUIDs, see Collections.有关集合UUID的更多信息,请参阅集合

Apply this action to the cluster resource.将此操作应用于cluster资源。

Database Management Actions数据库管理操作

changeCustomData

User can change the custom information of any user in the given database. Apply this action to database resources.用户可以更改给定数据库中任何用户的自定义信息。将此操作应用于数据库资源。

changeOwnCustomData

Users can change their own custom information. Apply this action to database resources. 用户可以更改自己的自定义信息。将此操作应用于数据库资源。See also Change Your Password and Custom Data.另请参见更改密码和自定义数据

changeOwnPassword

Users can change their own passwords. 用户可以更改自己的密码。Apply this action to database resources. 将此操作应用于数据库资源。See also Change Your Password and Custom Data.另请参见更改密码和自定义数据

changePassword

User can change the password of any user in the given database. 用户可以更改给定数据库中任何用户的密码。Apply this action to database resources.将此操作应用于数据库资源。

createCollection

User can perform the db.createCollection() method. 用户可以执行db.createCollection()方法。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

createIndex

Provides access to the db.collection.createIndex() method and the createIndexes command. 提供对db.collection.createIndex()方法和createIndexes命令的访问。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

createRole

User can create new roles in the given database. 用户可以在给定的数据库中创建新角色。Apply this action to database resources.将此操作应用于数据库资源。

createUser

User can create new users in the given database. 用户可以在给定的数据库中创建新用户。Apply this action to database resources.将此操作应用于数据库资源。

dropCollection

User can perform the db.collection.drop() method. 用户可以执行db.collection.drop()方法。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

dropRole

User can delete any role from the given database. 用户可以从给定数据库中删除任何角色。Apply this action to database resources.将此操作应用于数据库资源。

dropUser

User can remove any user from the given database. 用户可以从给定数据库中删除任何用户。Apply this action to database resources.将此操作应用于数据库资源。

enableProfiler

User can perform the db.setProfilingLevel() method. Apply this action to database resources.将此操作应用于数据库资源。

grantRole

User can grant any role in the database to any user from any database in the system. 用户可以从系统中的任何数据库向任何用户授予数据库中的任何角色。Apply this action to database resources.将此操作应用于数据库资源。

killCursors

Starting in MongoDB 4.2, users can always kill their own cursors, regardless of whether the users have the privilege to killCursors. 从MongoDB 4.2开始,用户总是可以杀死自己的游标,而不管用户是否拥有killCursors的权限。As such, the killCursors privilege has no effect in MongoDB 4.2+.因此,killCursors权限在MongoDB 4.2+中无效。

In MongoDB 3.6.3 through MongoDB 4.0.x, users require killCursors privilege to kill their own curors when access control is enabled. 在MongoDB 3.6.3到MongoDB 4.0x中,当启用访问控制时,用户需要killCursors权限来杀死自己的curors。Cursors are associated with the users at the time of cursor creation. 游标在创建游标时与用户关联。Apply this action to collection resources.将此操作应用于集合资源。

killAnyCursor

User can kill any cursor, even cursors created by other users. 用户可以杀死任何游标,甚至是其他用户创建的游标。Apply this action to collection resources.将此操作应用于集合资源。

planCacheIndexFilter

User can run the planCacheClearFilters, planCacheListFilters, and planCacheSetFilter commands. 用户可以运行planCacheClearFiltersplanCacheListFiltersplanCacheSetFilter命令。Apply the planCacheIndexFilter action to collection resources.planCacheIndexFilter操作应用于集合资源。

revokeRole

User can remove any role from any user from any database in the system. 用户可以从系统中的任何数据库中删除任何用户的任何角色。Apply this action to database resources.将此操作应用于数据库资源。

setAuthenticationRestriction

User can specify the authenticationRestrictions field in the user document when running the following commands:运行以下命令时,用户可以在user文档中指定authenticationRestrictions字段:

User can specify the authenticationRestrictions field in the role document when running the following commands:运行以下命令时,用户可以在role文档中指定authenticationRestrictions字段:

Note注意

The following built-in roles grant this privilege:以下内置角色授予此权限:

Transitively, the restore and root roles also provide this privilege.通过转换,restoreroot角色也提供此权限。

Apply this action to database resources.将此操作应用于数据库资源。

setFeatureCompatibilityVersion

User can run the setFeatureCompatibilityVersion command. 用户可以运行setFeatureCompatibilityVersion命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

unlock

User can perform the db.fsyncUnlock() method. 用户可以执行db.fsyncUnlock()方法。Apply this action to the cluster resource.将此操作应用于cluster资源。

viewRole

User can view information about any role in the given database. 用户可以查看给定数据库中任何角色的信息。Apply this action to database resources.将此操作应用于数据库资源。

viewUser

User can view the information of any user in the given database. 用户可以查看给定数据库中任何用户的信息。Apply this action to database resources.将此操作应用于数据库资源。

Deployment Management Actions部署管理操作

authSchemaUpgrade

User can perform the authSchemaUpgrade command. 用户可以执行authSchemaUpgrade命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

cleanupOrphaned

User can perform the cleanupOrphaned command. 用户可以执行cleanupOrphaned命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

cpuProfiler

User can enable and use the CPU profiler. 用户可以启用并使用CPU探查器。Apply this action to the cluster resource.将此操作应用于群集资源。

inprog

User can use the db.currentOp() method to return information on pending and active operations. 用户可以使用db.currentOp()方法返回有关挂起和活动操作的信息。Apply this action to the cluster resource.将此操作应用于cluster资源。

Changed in version 3.2.9.在版本3.2.9中更改

Even without the inprog privilege, on mongod instances, users can view their own operations by running db.currentOp( { "$ownOps": true } ).即使没有inprog权限,在mongod实例上,用户也可以通过运行db.currentOp( { "$ownOps": true } )查看自己的操作。

invalidateUserCache

Provides access to the invalidateUserCache command. 提供对invalidateUserCache命令的访问。Apply this action to the cluster resource.将此操作应用于cluster资源。

killop

User can perform the db.killOp() method. 用户可以执行db.killOp()方法。Apply this action to the cluster resource.将此操作应用于cluster资源。

Changed in version 3.2.9.在版本3.2.9中更改

Even without the killop privilege, on mongod instances, users can kill their own operations.即使没有killop权限,在mongod实例上,用户也可以终止自己的操作。

planCacheRead

User can run the following operations:用户可以运行以下操作:

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

planCacheWrite

User can perform the planCacheClear command and the PlanCache.clear() and PlanCache.clearPlansByQuery() methods. 用户可以执行planCacheClear命令以及PlanCache.clear()PlanCache.clearPlansByQuery()方法。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

storageDetails

User can perform the deprecated storageDetails command. 用户可以执行弃用的storageDetails命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

Change Stream Actions更改流操作

changeStream

User with changeStream and find on the specific collection, all non-system collections in a specifc database, or all non-system collections across all databases can open change stream cursor for that resource.具有特定集合、特定数据库中的所有非system集合或所有数据库中的全部非系统集合的changeStreamfind的用户可以打开该资源的变更流游标

Replication Actions复制操作

appendOplogNote

User can append notes to the oplog. Apply this action to the cluster resource.用户可以向oplog添加注释。将此操作应用于cluster资源。

replSetConfigure

User can configure a replica set. 用户可以配置副本集。Apply this action to the cluster resource.将此操作应用于cluster资源。

replSetGetConfig

User can view a replica set's configuration. 用户可以查看副本集的配置。Provides access to the replSetGetConfig command and rs.conf() helper method.提供对replSetGetConfig命令和rs.conf()助手方法的访问。

Apply this action to the cluster resource.将此操作应用于cluster资源。

replSetGetStatus

User can perform the replSetGetStatus command. 用户可以执行replSetGetStatus命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

replSetHeartbeat

User can perform the deprecated replSetHeartbeat command. 用户可以执行不推荐的replSetHeartbeat命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

replSetStateChange

User can change the state of a replica set through the replSetFreeze, replSetMaintenance, replSetStepDown, and replSetSyncFrom commands. 用户可以通过replSetFreezereplSetMaintenancereplSetStepDownreplSetSyncFrom命令更改副本集的状态。Apply this action to the cluster resource.将此操作应用于cluster资源。

resync

User can perform the deprecated resync command. 用户可以执行不推荐的resync命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

Sharding Actions分片操作

addShard

User can perform the addShard command. 用户可以执行addShard命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

clearJumboFlag

Available starting in 4.2.3 and 4.0.15从4.2.3和4.0.15开始提供

Required to clear a chunk's jumbo flag using the clearJumboFlag command. 需要使用clearJumboFlag命令清除块的jumbo标志。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

Included in the clusterManager built-in role.包含在clusterManager内置角色中。

enableSharding
Note注意
Applicable Resources适用资源

The action can apply to either:该措施可适用于以下任一情况:

  • Database or collection resource to enable sharding for a database or shard a collection.数据库集合资源,用于为数据库或集合启用分片。
  • Cluster resource to perform various shard zone operations (Starting in version 4.2.2, 4.0.14, 3.6.16).用于执行各种分片区域操作的群集资源(从版本4.2.2、4.0.14和3.6.16开始)。
Resources资源Description描述
Database数据库 or
Collection集合

Grants users privileges to perform the following operations:授予用户执行以下操作的权限:

Cluster
Starting in version 4.2.2, 4.0.14, 3.6.16

Grants users privileges to perform the following shard zone operations:授予用户执行以下分片区域操作的权限:

You can also perform these shard zone operations if you have find/update actions on the appropriate collections in the config database. 如果对config数据库中的适当集合执行find/update操作,也可以执行这些分片区域操作。Refer to the specific operations for details.详见具体操作。

refineCollectionShardKey

Provides privileges to refine the shard key for a sharded collection; i.e. run the refineCollectionShardKey command. 提供为分片集合优化分片键的权限;即,运行refineCollectionShardKey命令。Apply this action to database or collection resource.将此操作应用于数据库集合资源

Included in the clusterManager built-in role.包含在clusterManager内置角色中。

New in version 4.4.在版本4.4中新增

flushRouterConfig

User can perform the flushRouterConfig command. 用户可以执行flushRouterConfig命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getShardMap

User can perform the getShardMap command. 用户可以执行getShardMap命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getShardVersion

User can perform the getShardVersion command. 用户可以执行getShardVersion命令。Apply this action to database resources.将此操作应用于数据库资源。

listShards

User can perform the listShards command. 用户可以执行listShards命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

moveChunk

User can perform the moveChunk command. 用户可以执行moveChunk命令。In addition, user can perform the movePrimary command provided that the privilege is applied to an appropriate database resource. 此外,用户可以执行movePrimary命令,前提是将权限应用于适当的数据库资源。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

removeShard

User can perform the removeShard command. 用户可以执行removeShard命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

shardingState

User can perform the shardingState command. 用户可以执行shardingState命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

splitVector

User can perform the splitVector command. 用户可以执行splitVector命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

Server Administration Actions服务器管理操作

applicationMessage

User can perform the logApplicationMessage command. 用户可以执行logApplicationMessage命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

closeAllDatabases

User can perform the deprecated closeAllDatabases command. 用户可以执行不推荐的closeAllDatabases命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

collMod

User can perform the collMod command. 用户可以执行collMod命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

compact

User can perform the compact command. 用户可以执行compact(压缩)命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

connPoolSync

User can perform the connPoolSync command. 用户可以执行connPoolSync命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

convertToCapped

User can perform the convertToCapped command. 用户可以执行convertToCapped命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

dropConnections

User can perform the dropConnections command. 用户可以执行dropConnections命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

dropDatabase

User can perform the dropDatabase command. 用户可以执行dropDatabase命令。Apply this action to database resources.将此操作应用于数据库资源。

dropIndex

User can perform the dropIndexes command. 用户可以执行dropIndexes命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

forceUUID

User can create a collection with a user-defined collection UUID using the applyOps command.用户可以使用applyOps命令创建具有用户定义的集合UUID的集合。

Apply this action to the cluster resource.将此操作应用于cluster资源。

fsync

User can perform the fsync command. 用户可以执行fsync命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getDefaultRWConcern

User can issue the administrative getDefaultRWConcern command. 用户可以发出管理getDefaultRWConcern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getParameter

User can perform the getParameter command. 用户可以执行getParameter命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

hostInfo

Provides information about the server the MongoDB instance runs on. 提供有关运行MongoDB实例的服务器的信息。Apply this action to the cluster resource.将此操作应用于cluster资源。

oidReset

Required to reset the 5 byte random string that is used in the ObjectID.需要重置ObjectID中使用的5字节随机字符串。

logRotate

User can perform the logRotate command. 用户可以执行logRotate命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

reIndex

User can perform the reIndex command. 用户可以执行reIndex命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

renameCollectionSameDB

Allows the user to rename collections on the current database using the renameCollection command. 允许用户使用renameCollection命令重命名当前数据库上的集合。Apply this action to database resources.将此操作应用于数据库资源。

Additionally, the user must either have find on the source collection or not have find on the destination collection.此外,用户必须在源集合上具有find功能,或者在目标集合上没有find功能。

If a collection with the new name already exists, the user must also have the dropCollection action on the destination collection.如果已存在具有新名称的集合,则用户还必须对目标集合执行dropCollection操作。

rotateCertificates

User can perform the rotateCertificates command command. 用户可以执行rotateCertificates命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

setDefaultRWConcern

User can issue the administrative setDefaultRWConcern command. 用户可以发出管理setDefaultRWConcern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

setParameter

User can perform the setParameter command. 用户可以执行setParameter命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

shutdown

User can perform the shutdown command. 用户可以执行shutdown(关机)命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

touch

User can perform the deprecated touch command. 用户可以执行不推荐的touch命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

Session Actions会话操作

impersonate

User can perform the killAllSessionsByPattern command with users and roles pattern. 用户可以使用usersroles模式执行killAllSessionsByPattern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

To run killAllSessionsByPattern command, users must also have killAnySession privileges on the cluster resource.要运行killAllSessionsByPattern命令,用户还必须对群集资源具有killAnySession权限。

listSessions

User can perform the $listSessions operation or $listLocalSessions operation for all users or specified user(s). 用户可以对所有用户或指定用户执行$listSessions操作或$listLocalSessions操作。Apply this action to the cluster resource.将此操作应用于cluster资源。

killAnySession

User can perform the killAllSessions and the killAllSessionsByPattern command. 用户可以执行killAllSessionskillAllSessionsByPattern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

Tip提示
See also: 参阅:

impersonate

Free Monitoring Actions空闲监视操作

checkFreeMonitoringStatus

User with this action on the cluster resource can check the status of Free Monitoring.cluster资源执行此操作的用户可以检查空闲监视的状态。

New in version 4.0.在版本4.0中新增

setFreeMonitoring

User with this action on the cluster resource can enable or disable Free Monitoring.cluster资源执行此操作的用户可以启用或禁用空闲监视

New in version 4.0.在版本4.0中新增

Diagnostic Actions诊断操作

collStats

User can perform the collStats command. 用户可以执行collStats命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

connPoolStats

User can perform the connPoolStats command. 用户可以执行connPoolStats命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

cursorInfo

User can perform the cursorInfo command. 用户可以执行cursorInfo命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

dbHash

User can perform the dbHash command. 用户可以执行dbHash命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

dbStats

User can perform the dbStats command. 用户可以执行dbStats命令。Apply this action to database resources.将此操作应用于数据库资源。

getCmdLineOpts

User can perform the getCmdLineOpts command. 用户可以执行getCmdLineOpts命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getLog

User can perform the getLog command. 用户可以执行getLog命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

indexStats

User can perform the indexStats command. 用户可以执行indexStats命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

Changed in version 3.0.在版本3.0中更改

MongoDB 3.0 removes the indexStats command.MongoDB 3.0删除了indexStats命令。

listDatabases

User can perform the listDatabases command. 用户可以执行listDatabases命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

For MongoDB 4.0.6+:
If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has privileges (including databases for which the user has privileges on specific collections) if the command is run with authorizedDatabases option unspecified or set to true.如果用户没有listDatabases权限操作,则如果在未指定authorizedDatabases选项或将其设置为true的情况下运行该命令,则用户可以运行listDatabases命令以返回用户具有权限的数据库列表(包括用户对特定集合具有权限的数据集)。
For MongoDB 4.0.5:
If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has the find action privilege if the command is run with authorizedDatabases option unspecified or set to true.如果用户没有listDatabases权限操作,则用户可以运行listDatabases命令以返回用户具有find操作权限的数据库列表,如果该命令是在未指定authorizedDatabases选项或设置为true的情况下运行的。
For MongoDB 4.0.0-4.0.4:
If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has the find action privilege.如果用户没有listDatabases权限操作,则用户可以运行listDatabases命令返回用户具有find操作权限的数据库列表。
listCollections

User can perform the listCollections command. 用户可以执行listCollections命令。Apply this action to database resources.将此操作应用于数据库资源。

Note注意

Starting in version 4.0, user without the required privilege can run the listCollections command with bothauthorizedCollections and nameOnly options set to true. 从版本4.0开始,没有所需权限的用户可以运行listCollections命令,同时将authorizedCollectionsnameOnly选项设置为trueIn this case, the command returns just the name and type of the collection(s) to which the user has privileges.在这种情况下,该命令只返回用户有权限访问的集合的名称和类型。

listIndexes

User can perform the listIndexes command. 用户可以执行listIndexes命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

netstat

User can perform the netstat command. 用户可以执行netstat命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

serverStatus

User can perform the serverStatus command. 用户可以执行serverStatus命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

validate

User can perform the validate and validateDBMetadata commands. 用户可以执行validatevalidateDBMetadata命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

top

User can perform the top command. 用户可以执行top命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

Internal Actions内部操作

anyAction

Allows any action on a resource. 允许对资源执行任何操作。Do not assign this action unless it is absolutely necessary.除非绝对必要,否则不要分配此操作。

internal

Allows internal actions. 允许内部操作。Do not assign this action unless it is absolutely necessary.除非绝对必要,否则不要指定此操作。

applyOps

User can perform the applyOps command. 用户可以执行applyOps命令。Apply this action to a cluster resource.将此操作应用于cluster资源。

←  Resource DocumentCreate a Vulnerability Report →